Do you use SSL to secure Splunk Enterprise? Are you still using Splunk Enterprise version 6.2 or earlier? If you answered yes to both of these questions, please read on.
Securing communication with your Splunk instance can be essential in today’s digital environment, especially if it is collecting sensitive information. If communication to or from your Splunk instance can be easily intercepted (e.g., public access to Splunk Web, or forwarders outside the firewall), then this communication should be encrypted using SSL. Additionally, security functionality is constantly being enhanced to combat the evolving threat landscape, so you should stay on as current a version of Splunk as possible.
You may have heard that the OpenSSL Software Foundation will cease support for OpenSSL version 1.0.1 as of Dec 31st, 2016. This means that new security vulnerabilities discovered in OpenSSL 1.0.1 will not be patched after this date.
Splunk Enterprise versions 6.0, 6.1, and 6.2 use OpenSSL 1.0.1. Hence, if you are running version 6.2 or earlier and use SSL to secure Splunk Enterprise, we recommend that you upgrade to version 6.3 or higher.
An upgrade can also be a great opportunity for you to benefit from the latest advances in Splunk Enterprise. For example, the latest version (6.5) includes several enhancements that make data analysis faster and easier, lower TCO, and extend the flexibility and value of the platform. Read more about the latest release of Splunk Enterprise.
What do I do next?
If you are currently running version 6.2 or earlier, please feel free to contact your Splunk account manager or partner with any questions. We can help you establish a migration path that is right for your business, and our Professional Services team has several service offerings to assist you with your upgrade.
Please continue to monitor the Splunk Security Portal for the latest Splunk Product Security Announcements.
For more information about how SSL is used to secure Splunk Enterprise, please visit Splunk Enterprise docs.